Skip to content

Home.en

Marcel edited this page Jul 9, 2026 · 2 revisions

Deutsch | English

HumanShield.APP

HumanShield.APP is a self-hosted open-core platform for phishing awareness: plan, send and evaluate simulated phishing campaigns to make employees' resilience against social engineering measurable.

This wiki is the official documentation and is kept aligned with the current development status.


What the platform can do

  • Campaigns planning and sending, with scheduling
  • Templates for phishing emails (HTML or Markdown editor, personalization variables, .eml import including attachments)
  • Recipient groups via manual entry, CSV or LDAP
  • Landing pages as the click target (HTML/Markdown, optional form capture)
  • Tracking: opens, clicks and form submissions — with evaluation per recipient
  • Sending profiles (SMTP per sender identity) plus a global fallback SMTP
  • User management with roles, local login and optional OIDC SSO
  • Two-factor authentication (authenticator app or email code, enforceable, backup codes)
  • Audit log of sign-ins and system changes
  • Light/dark mode, modern dashboard

Guiding principles

  • Vendor-neutral & self-hosted: Runs at any operator; all environment-specific values (domain, IdP, SMTP) come from .env/config — nothing is hard-wired in the code.
  • Security: Runtime credentials encrypted at rest (Fernet), passwords with Argon2id, hardened containers.

Getting started


HumanShield.APP is an independent open-core project; the core is licensed under the Mozilla Public License 2.0 (MPL-2.0). The commercial add-ons are separate and proprietary.

Clone this wiki locally